Findings are often sourced from monitoring tools, such as vulnerability scanners (Nessus, Rapid7, Qualys) or third-party and cyber risk continuous monitoring tools (Whitehawk, BitSight, Black Kite), that integrate with the 1Risk platform. These tools provide the data from which the Risk Manager evaluates the value and risk treatment.
Findings may also be created directly on the 1Risk Platform and mapped to Assessments, Controls, Assets and the Risk Register. Findings are first created from the Issue Management section, then mapped.
A Finding always maps to either an Internal Control or a Risk Register. Note: where the Finding maps to an Internal Control, the Risk Register associates via the Internal Control and its related Asset(s).
Assessment Findings are created directly in the Assessment. All C1Risk Assessment Templates provide response-based auto-creation for Findings. See Assessment Training for more detailed information.
- To create a new finding, select Issue Management > Findings > Add New
- Populate the fields:
  - Finding name: Summary of the Finding
  - Description: Detailed description
  - Source: Select Internal Control or Risk Register (see Section 4 for more information on which source to select)
  - Risk Treatment: Mitigate, Avoid, Accept, Transfer
  - Due Date
  - Primary/Additional Contacts: The Finding owner(s) who will provide Mitigation plans
- Click Save. Note the Finding has now been created, but the Finding Owner will not be notified until the Finding is published. This enables Findings to be retained without requiring Mitigation plans and/or to be sent in bulk to a Finding Owner.
- In the Finding Record, select ‘Publish’ to send a unique Finding to a Finding Owner.
- In the Finding List View, select any DRAFT Findings, and click ‘Publish’ to send to one or more Finding Owners.
- Once the Finding Status is Published, the Finding Owner and Associated Contacts will receive an email notification of the Finding and a link to review and provide a response/Mitigation Plan. These plans can be monitored and reviewed in the 1Risk Platform. The Risk Manager and Finding Owner may also communicate on the platform during the Risk Mitigation process (see Section 3).